US8156228B1 - Method and apparatus to enable confidential browser referrals - Google Patents
- Publication number
- US8156228B1
- Authority
- US
- United States
- Prior art keywords
- server
- placeholder
- referral
- information
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/563—Data redirection of data network streams
Definitions
- Embodiments of the present invention generally relate to network computing and, more particularly, to a method and apparatus for facilitating a blind referral within a network environment in which browsers are used.
- One server may refer a browser to another server either to receive certain information or to authorize a user for specific access. For example, upon selecting a specific link on a first server, the browser is referred to a second server for user identity verification. The second server confirms the identity of the user and refers the browser back to the first server with information that enables the user to access the information at the link.
- The client computer is required to disclose information about the first server to the second server.
- The second server needs the first server information in order to refer back to the first server upon redirection, i.e., after user identity confirmation.
- Intercepting this first server information enables someone to learn a user's browsing history.
- Such information may provide a list of secure sites used by the user or may merely disclose the types of sites the user enjoys visiting. In either case, it is private information. No solution exists that prevents the second server (or any interceptor) from learning of the client's use of the first server, or of any other servers in the referral chain.
- Embodiments of the present invention comprise a method and apparatus for facilitating a blind referral.
- One embodiment of the invention is a method of facilitating a blind referral comprising: producing a referral communication for referring a client computer from a connection with a first server to a second server, wherein the referral communication comprises first server information defining a location of the first server; generating a placeholder for the first server information in the referral communication; and replacing the first server information with the placeholder in communications with the second server during the referral communication.
- FIG. 1 is a block diagram of a computer system according to various embodiments of the present invention.
- FIG. 2 is a flow chart of a method for facilitating a blind referral according to an embodiment of the present invention.
- FIG. 3 is another flow chart of a method for facilitating a blind referral according to various embodiments of the present invention.
- FIG. 1 is a block diagram of a computer system 100 according to various embodiments of the present invention.
- The computer system 100 comprises a client computer 102, a first server 104, and a second server 106 running several applications and connected to a network 108. The network 108 generally forms a portion of the Internet and may comprise various sub-networks such as Ethernet networks, local area networks, wide area networks, wireless networks, and the like.
- The hardware depicted in FIG. 1 may vary from one computer system to another.
- Other peripheral devices, such as optical disk drives, graphics cards, data storage devices, and various other input devices and peripherals, may also be used in addition to or in place of the hardware depicted.
- The network 108 provides the client computer 102 with access to various applications located on the first server 104 and the second server 106.
- The first server 104 comprises, without limitation, a CPU 124, support circuits 126, and a memory 128.
- The CPU 124 may be one or more of any commercially available microprocessors or microcontrollers.
- The support circuits 126 comprise circuits and devices that are used in support of the operation of the CPU 124. Such support circuits include, for example, one or more of cache, input/output circuits, system bus, PCI bus, clock circuits, power supplies, or the like.
- The memory 128 may comprise random access memory, read only memory, optical memory, disk drives, removable memory, and the like. Various types of software processes or modules and information are resident within the memory 128.
- The Web Page Data module 130 may store the first server information that is used in a referral communication (e.g., a data segment in the HTTP protocol).
- Application module 132 may be any application of interest to the user of client computer 104, e.g., a browser.
- The second server 106 comprises, without limitation, a CPU 134, support circuits 136, and a memory 138.
- The CPU 134 may be one or more of any commercially available microprocessors or microcontrollers.
- The support circuits 136 comprise circuits and devices that are used in support of the operation of the CPU 134. Such support circuits include, for example, one or more of cache, input/output circuits, system bus, PCI bus, clock circuits, power supplies, or the like.
- The memory 138 may comprise random access memory, read only memory, optical memory, disk drives, removable memory, and the like. Various types of software processes or modules and information are resident within the memory 138.
- The web page data module 140 may store website information about a user of client computer 102, e.g., data segments in the HTTP protocol for every website recently visited by the user of client computer 102.
- Application 144 may comprise software that enables communications with the client computer 102 (e.g., completion of an age or identity verification) and then redirects the client computer to the first server 104.
- The client computer 102 comprises, also without limitation, a CPU 110, support circuits 112, and a memory 114.
- The CPU 110 may be one or more of any commercially available microprocessors or microcontrollers.
- The support circuits 112 comprise circuits and devices that are used in support of the operation of the CPU 110. Such support circuits include, for example, one or more of cache, input/output circuits, system bus, PCI bus, clock circuits, power supplies, or the like.
- The memory 114 may comprise random access memory, read only memory, optical memory, disk drives, removable memory, and the like. Various types of software processes or modules and information are resident within the memory 114.
- The module 118 comprises mapping information in accordance with certain aspects of the present invention.
- The mapping information contains data that matches a placeholder generated by the blind referral module 120 to the address information of the first server 104.
- The placeholder is a set of dummy characters or may be a dummy address.
- The mapping information 118 and the blind referral module 120 may form a portion of, or may be coupled to, a browser 122.
- FIG. 2 depicts a flow diagram of a method 200 for facilitating a blind referral.
- The method 200 begins at step 202 and proceeds to step 204, wherein the method 200 ascertains whether a referral communication has been initiated. If no referral communication is detected (option "No"), the method ends at step 212.
- The referral communication is detected when the browser 122 is informed that the first server 104 is redirecting the browser 122 to the second server 106.
- A placeholder for the first server information is generated (e.g., a set of dummy characters or a dummy address).
- The placeholder may also comprise at least one of a hash value, a client identification, a service identification, a proxy server, or a random alphanumeric string of characters.
- The first server information (e.g., a data segment in the HTTP protocol for every website recently visited by the user of client computer 102) is replaced with the placeholder.
- As a result, the HTTP communication cannot be analyzed to determine that the first server was visited by the user.
- The method 200 stores the first server information and the placeholder as mapping information.
- The browser uses the mapping information to identify the first server and redirect the connection to that server, as described below. The method, again, ends at step 212.
- FIG. 3 depicts a flow diagram of a method 300 for performing a referral communication in accordance with an alternative embodiment of the invention, wherein the second server redirects the browser back to the first server.
- The method begins at step 302 and proceeds to step 304, wherein the method 300 ascertains whether a referral communication has been initiated, e.g., whether the browser has detected a redirection. If a referral communication is not detected at step 304 (option "No"), the method ends at step 318.
- A first server tag, e.g., a data segment in the HTTP protocol
- The blind referral module, such as the blind referral module 120 that is resident in the client computer 102, generates a placeholder tag (e.g., an HTTP tag for HTTP headers).
- The placeholder tag is mapped to the first server tag. That is, for example, the blind referral module 120 may relate the first server tag to the placeholder tag in a look-up table stored in the memory 114 as mapping information 118.
- The client computer 102 may communicate with the second server 106 using the placeholder tag which, for example, has been placed in the first server HTTP header. Now the second server 106 does not have any information regarding the identity of the first server 104.
- The client computer 102 is redirected by the blind referral module 120 to the placeholder address, at step 314.
- The blind referral module 120 extracts the placeholder tag and replaces it with the first server tag using the mapping information. Accordingly, the second server 106 blindly refers the client computer 102 to the first server 104. In this manner, the client computer always maintains control of the referral information.
- Method 300 ends at step 318.
- The placeholder generated for the second server is verified using a security service coupled to the second server.
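The client-side flow of methods 200 and 300 (generate a placeholder for the first server information, record the mapping, send only the placeholder to the second server, and restore the first server tag when the second server redirects back to the placeholder address), as an added Python example that is not from the patent. The class name, the `placeholder.invalid` dummy address, the use of the `Referer` header as the first server tag, and the simulated second server are assumptions.

```python
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

# Reserved TLD (RFC 2606): the dummy address can never resolve to a real host.
PLACEHOLDER_HOST = "placeholder.invalid"


class BlindReferralModule:
    """Client-side blind referral module (hypothetical name) plus its mapping information."""

    def __init__(self) -> None:
        # mapping information: placeholder address -> first server information
        self._mapping: Dict[str, str] = {}

    def generate_placeholder(self, first_server_info: str) -> str:
        """Create a single-use dummy address and record it in the mapping."""
        token = secrets.token_hex(16)  # random alphanumeric string, one of the listed placeholder kinds
        placeholder = f"https://{PLACEHOLDER_HOST}/{token}"
        self._mapping[placeholder] = first_server_info
        return placeholder

    def rewrite_outbound(self, headers: Dict[str, str]) -> Dict[str, str]:
        """Method 200: swap the first server information (Referer) for a placeholder before it reaches the second server."""
        out = dict(headers)
        referer = out.get("Referer")
        if referer:
            out["Referer"] = self.generate_placeholder(referer)
        return out

    def resolve_location(self, location: str) -> Optional[str]:
        """Method 300: when the second server redirects to the placeholder address, restore the first server tag."""
        parts = urlsplit(location)
        if parts.hostname != PLACEHOLDER_HOST:
            return location  # ordinary redirect, nothing to translate
        key = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
        first = self._mapping.pop(key, None)  # single use: consume the mapping entry
        if first is None:
            return None  # unknown placeholder: do not follow it
        if parts.query:  # keep whatever the second server appended, e.g. a verification result
            first += ("&" if urlsplit(first).query else "?") + parts.query
        return first


def simulate_exchange(first_server_page: str) -> Dict[str, Optional[str]]:
    """Constructed end-to-end run: first server -> second server -> back to the first server."""
    module = BlindReferralModule()
    # The browser would normally send the first server's page as Referer when following the redirect.
    outbound = module.rewrite_outbound({"Referer": first_server_page, "Host": "verify.example"})
    # The simulated second server sees only the placeholder and redirects back to it after verification.
    seen_by_second_server = outbound["Referer"]
    location = seen_by_second_server + "?verified=1"
    return {"seen_by_second_server": seen_by_second_server,
            "client_lands_on": module.resolve_location(location)}
```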
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/864,348 US8156228B1 (en) | 2007-09-28 | 2007-09-28 | Method and apparatus to enable confidential browser referrals |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/864,348 US8156228B1 (en) | 2007-09-28 | 2007-09-28 | Method and apparatus to enable confidential browser referrals |
Publications (1)
Publication Number | Publication Date |
---|---|
US8156228B1 true US8156228B1 (en) | 2012-04-10 |
Family
ID=45922213
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/864,348 Active 2028-07-22 US8156228B1 (en) | 2007-09-28 | 2007-09-28 | Method and apparatus to enable confidential browser referrals |
Country Status (1)
Country | Link |
---|---|
US (1) | US8156228B1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10341418B2 (en) * | 2015-11-06 | 2019-07-02 | Microsoft Technology Licensing, Llc | Reducing network bandwidth utilization during file transfer |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6092196A (en) * | 1997-11-25 | 2000-07-18 | Nortel Networks Limited | HTTP distributed remote user authentication system |
US20020133613A1 (en) * | 2001-03-16 | 2002-09-19 | Teng Albert Y. | Gateway metering and bandwidth management |
US20030051054A1 (en) * | 2000-11-13 | 2003-03-13 | Digital Doors, Inc. | Data security system and method adjunct to e-mail, browser or telecom program |
US20030080997A1 (en) * | 2001-10-23 | 2003-05-01 | Marcel Fuehren | Anonymous network-access method and client |
US20040054898A1 (en) * | 2002-08-28 | 2004-03-18 | International Business Machines Corporation | Authenticating and communicating verifiable authorization between disparate network domains |
US6760758B1 (en) * | 1999-08-31 | 2004-07-06 | Qwest Communications International, Inc. | System and method for coordinating network access |
US20040205198A1 (en) * | 2000-06-30 | 2004-10-14 | Zellner Samuel N. | Anonymous location service for wireless networks |
US20050074126A1 (en) * | 2002-01-29 | 2005-04-07 | Stanko Joseph A. | Single sign-on over the internet using public-key cryptography |
US20060200503A1 (en) * | 2005-03-03 | 2006-09-07 | Nokia Corporation | Modifying back-end web server documents at an intermediary server using directives |
US20080016151A1 (en) * | 2006-07-12 | 2008-01-17 | International Business Machines Corporation | Client-side aggregation of context-sensitive request results where results for aggregation are asynchronously produced by multiple servers |
US20100100724A1 (en) * | 2000-03-10 | 2010-04-22 | Kaliski Jr Burton S | System and method for increasing the security of encrypted secrets and authentication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10021078B2 (en) | System, apparatus and method for encryption and decryption of data transmitted over a network | |
US7765275B2 (en) | Caching of private data for a configurable time period | |
US8533328B2 (en) | Method and system of determining vulnerability of web application | |
CN101167079B (en) | User affirming device and method | |
GB2567932A (en) | Privacy-preserving identity verification | |
US20180212963A1 (en) | Method and apparatus for accessing website | |
US20130263263A1 (en) | Web element spoofing prevention system and method | |
AU2014240202B2 (en) | Dynamic tokenization with multiple token tables | |
US10511628B1 (en) | Detecting realtime phishing from a phished client or at a security server | |
JP5735539B2 (en) | System, apparatus and method for encrypting and decrypting data transmitted over a network | |
US10911485B2 (en) | Providing cross site request forgery protection at an edge server | |
US11575707B2 (en) | System and method for blocking phishing attempts in computer networks | |
US20230247007A1 (en) | Quic transport protocol-based communication method and system | |
KR102408205B1 (en) | Method and apparatus for detecting life cycle step of website | |
CN107294931B (en) | Method and apparatus for adjusting restricted access frequency | |
US8156228B1 (en) | Method and apparatus to enable confidential browser referrals | |
CN105227519B (en) | It is a kind of to have secure access to the method for webpage, client and server | |
US8667563B1 (en) | Systems and methods for displaying personalized content | |
EP3588347B1 (en) | Systems and methods for identifying unknown attributes of web data fragments when launching a web page in a browser | |
US11218551B1 (en) | Method and system for user identification based on user environment | |
CN105262721A (en) | Account authentication method and authentication device | |
KR102367545B1 (en) | Method and system for preventing network pharming | |
Jakobsson et al. | Legacy Servers: Teaching Old Dogs New Tricks | |
Kumar et al. | Security Issues Through Authentication in Digital Content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: SYMANTEC CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HERNACKI, BRIAN;SATISH, SOURABH;SIGNING DATES FROM 20070926 TO 20070927;REEL/FRAME:019903/0735 |
| AS | Assignment | Owner name: SYMANTEC CORPORATION, CALIFORNIA Free format text: ADDRESS CHANGE OF ASSIGNEE;ASSIGNOR:SYMANTEC CORPORATION;REEL/FRAME:027803/0875 Effective date: 20090905 |
| STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| FPAY | Fee payment | Year of fee payment: 4 |
| MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
| AS | Assignment | Owner name: CA, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SYMANTEC CORPORATION;REEL/FRAME:051144/0918 Effective date: 20191104 |
| FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |